From the course: Cisco Network Security: Content and Endpoint Security

Cisco Cybersecurity Report


- [Instructor] Network administrators place security as a top priority. An organization must incorporate safeguards into the security compliance plan to defend against attacks. Safeguards include administrative, physical and technical controls. Everyone plays a role in keeping an organization's information and systems safe and secure. An attack occurs when someone tries to break into a secured system to steal or modify information, or introduce malicious code. An attack can be against any of the security services: confidentiality, integrity, availability or authentication. The two main types of attacks in a computer system are passive, such as sniffing traffic, and active, such as releasing malware or creating a denial of service.

Let's take a look at the Cisco Cybersecurity Report here at this webpage. I'll scroll down, and here you can see a couple of things that they cover in this report. On the left-hand side we see that there is an evolution of malware. Malware is becoming more vicious and more aggressive, and they're finding it harder to combat because the signatures are changing. The malware is polymorphic in nature and eludes detection. We're seeing everything from network-based ransomware worms to devastating wiper malware. In the center we see malicious encrypted web traffic. Now this is a two-edged sword. We know that encryption is used to protect our data from prying eyes. However, 50% of global web traffic was encrypted as of October 2017. What is happening is that the malicious actors are using encryption to conceal their command and control activity. On the right-hand side we see what we're doing to detect this type of activity. More enterprises are turning to machine learning and artificial intelligence. With these capabilities, they're able to spot unusual patterns in large volumes of encrypted traffic.

Down below we see some major findings. "Burst attacks" grow in complexity, frequency and duration. These are denial-of-service attacks that are showered with aggressive amounts of traffic to shut down a service. It also relates to what they call "amplification attacks" inside the network, where the bandwidth swells so much that no traffic gets through. In the center, many new domains are tied to spam campaigns. Now we see that about 60% of the malicious domains are associated with spam campaigns. This relates to the domains that are blacklisted. We don't want to receive any email from those domains, as spam accounts for a large percentage of the ransomware attacks. We see more internet of things attacks on the horizon. Now this is just the beginning, but we're seeing huge numbers of homes and businesses implementing internet of things devices that are untested and have many vulnerabilities. As a result, we're seeing cyber attacks on the horizon. Then the last thing here, it says, "The multivendor environment affects risk." This is because of bring your own device, the internet of things, and the fact that there are so many different operating systems in today's complex networks. This adds to the risk because most of the time we can't update all of them. It simply isn't possible. So we have vulnerabilities simply because of the multivendor environment.

Now there are standards and regulations that define security measures that we need to implement. Those include PCI DSS, HIPAA, SOX and the General Data Protection Regulation. They define security measures to prevent data loss. But there are also guidelines, such as the COBIT framework, that help security professionals effectively manage and protect their information and infrastructure. By making security improvements and adhering to best practices, businesses can slow the malicious actors' progress and reduce their exposure to risks.